SIEM/MSSP

The hardest part about gathering information across the entire corporate network and environment is the scale of the data. Even analyzing one aspect of the logs can be overwhelming. MSSPs know this first hand, because the data analysis must be done repeatedly and for an ever-growing list of clients. SIEM (Security Information and Event Management) is an attempt to collect security events and remediate security incidents from that data.

Some of the more popular SIEM products (paid and open source) used by MSSPs and corporate security teams are:

SolarWinds
ArcSight
Splunk/Splunk Free
RSA NetWitness
IBM QRadar
OSSIM/AlienVault
BlackStratus
Prelude
EventTracker
OSSEC
Apache Metron
SIEMonster
Security Onion
Bro.org
OpenVAS
CloudPassage
FireEye
AlgoSec
FireMon
LogRhythm
ELK Stack

There isn’t one “do it all” solution. Many SIEM products focus on particular aspects of security, so your needs will dictate which SIEM vendor(s) you support. What is your favorite? We will soon have articles covering the various SIEM vendors.